Preview Mode Links will not work in preview mode

SEI Webcasts


Mar 11, 2021

Many organizations struggle in applying DevSecOps practices and principles in a cybersecurity-constrained environment because programs lack a consistent basis for managing software intensive development, cybersecurity, and operations in a high-speed lifecycle. We will discuss how an authoritative reference, or Platform Independent Model (PIM), is needed to fully design and execute an integrated DevSecOps strategy in which all stakeholder needs are addressed, such as engineering security into all aspects of the DevSecOps pipeline to include both the pipeline and the deployed system.

We will discuss how a PIM of a DevSecOps system can be used to 1) Specify the DevSecOps requirements to the lead system integrators who need to develop a platform-specific solution that includes the system and CI/CD pipeline.

2) Assess and analyze alternative pipeline functionality and feature changes as the system evolves.

3) Apply DevSecOps methods to complex systems that do not follow well-established software architectural patterns used in industry.

4) Provide a basis for threat and attack surface analysis to build a cyber assurance case in order to demonstrate that the software system and DevSecOps pipeline are sufficiently free from vulnerabilities and function only as intended